Posts: 86
Threads: 37
Joined: Jan 2016
Hi,
Do I need to not let people write ' and "? Is that escaped already, or is it not harmful? I mean, talking about syntax errors.
Posts: 4,759
Threads: 33
Joined: Dec 2013
On the chat? Well, no. Nothing happens if they use those characters.
In a script, use ' and \".
' = '
\" = "
Posts: 86
Threads: 37
Joined: Jan 2016
I'm talking about MySQL queries:
update table set text='%s'
%s is text from a variable; say it contains:
knlb'gas";qweasd
Then the query looks like:
update table set text='knlb'gas";qweasd'
The structure looks like the query will end at update table set text='knlb'. Am I right or not? Do I get a syntax error?
Posts: 86
Threads: 37
Joined: Jan 2016
Is escaping done already, or do I need to do it myself? Because it will be text from a variable.
Posts: 2,593
Threads: 34
Joined: Dec 2007
Yes, you should escape every player text: WHERE text = '%q', or in mysql_format, %e.
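Added example, not written by any poster in this thread: the query from the question run three ways against an in-memory SQLite database, using Python's sqlite3 as a stand-in for the game script's database plugin. The table name `notes` and every function name are assumptions; `escape_q` is a hypothetical helper that doubles single quotes (SQLite-style escaping), and a MySQL escape routine covers more characters than that.

```python
import sqlite3

# Constructed sample: the exact player text quoted in the thread.
PLAYER_TEXT = "knlb'gas\";qweasd"

def escape_q(value: str) -> str:
    """Hypothetical helper: SQLite-style escaping, doubling each single quote."""
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Assumed schema, one row to update.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, text TEXT)")
    db.execute("INSERT INTO notes (id, text) VALUES (1, 'old')")
    return db

def stored_text(db: sqlite3.Connection) -> str:
    return db.execute("SELECT text FROM notes WHERE id = 1").fetchone()[0]

def update_unescaped(db, text):
    """The plain '%s' case: returns the database error message, or None."""
    query = "UPDATE notes SET text='%s' WHERE id = 1" % text
    try:
        db.execute(query)
    except sqlite3.Error as exc:
        # The quote inside the text closes the literal early.
        return str(exc)
    return None

def update_escaped(db, text):
    """Escape before formatting, as the last reply recommends."""
    query = "UPDATE notes SET text='%s' WHERE id = 1" % escape_q(text)
    db.execute(query)
    return stored_text(db)

def update_bound(db, text):
    """Bound parameter: the text never becomes part of the SQL string."""
    db.execute("UPDATE notes SET text = ? WHERE id = 1", (text,))
    return stored_text(db)

if __name__ == "__main__":
    db = make_db()
    print("unescaped error:", update_unescaped(db, PLAYER_TEXT))
    print("escaped stores: ", update_escaped(db, PLAYER_TEXT))
    print("bound stores:   ", update_bound(db, PLAYER_TEXT))
```

The unescaped call fails with a syntax error and leaves the row unchanged; the escaped and bound calls both store the text byte for byte.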